From: Ho Y. L. <hy....@gm...> - 2011-07-20 22:37:02
Hi all,

Is it possible to secure RESTEasy in such a way that you can allow unauthenticated users to, say, GET a resource, but only permit authenticated users in the correct roles to POST? Since the resource would be using the same URL pattern, presumably the entry in the web.xml security constraint (web-resource-collection) would apply regardless, and the client would be required to authenticate even if they were just trying to do a GET.

An example, in case my attempt at describing the problem in a generic way fell flat on its face :p

Let's say I have an API that allows you to create a bunch of "widgets". You can do so by sending an HTTP *POST* to */widgets*, but you must be authenticated. If you want to look at the list of widgets that people have created, you can do so by sending an HTTP *GET* to */widgets*, but you don't have to be authenticated.

Possible?

Thanks in advance,
H.Y.
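
The split the post asks about can be expressed in web.xml itself, because a web-resource-collection can be limited by HTTP method. The fragment below is an added example, not part of the original message or of RESTEasy's own documentation; the role name, realm name and BASIC login are assumptions, and `http-method-omission` needs a Servlet 3.0 container.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 3.0 or later).
     Assumed names: role "widget-editor", realm "widgets", BASIC auth. -->

<!-- The constraint covers every method on /widgets and /widgets/...
     EXCEPT GET and HEAD. Anonymous reads pass through; POST, PUT,
     DELETE and any other verb need an authenticated user in the role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>widgets-write</web-resource-name>
    <url-pattern>/widgets/*</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>HEAD</http-method-omission>
  </web-resource-collection>
  <auth-constraint>
    <role-name>widget-editor</role-name>
  </auth-constraint>
</security-constraint>

<!-- Weaker form, shown for contrast only. Naming the protected verb
     leaves every verb that is NOT named (PUT, DELETE, PATCH, ...)
     unconstrained on the same URL pattern:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>widgets-post-only</web-resource-name>
      <url-pattern>/widgets/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>widget-editor</role-name>
    </auth-constraint>
  </security-constraint>
-->

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>widgets</realm-name>
</login-config>

<security-role>
  <role-name>widget-editor</role-name>
</security-role>
```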